this post was submitted on 13 May 2025
Linux
A video by SavvyNik that covers some of the highlights from the following recently published scientific article - Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack

top 3 comments
[–] jia_tan@lemmy.blahaj.zone 11 points 5 days ago

Pretty good breakdown. Glad to see my hard work recognized!

[–] w3dd1e@lemm.ee 5 points 5 days ago (1 children)

Thanks for posting. I was literally looking for updates on this recently and couldn’t find anything. I was worried that it might have been forgotten about.

[–] HayadSont@discuss.online 3 points 4 days ago

> Thanks for posting.

It has been my pleasure!

> I was worried that it might have been forgotten about

The XZ Utils supply chain attack has actually made the community more wary of blobs. Some projects were even prompted to come clean on this matter.

Fedora has also recently made a push towards reproducible builds. In the lwn.net article that discussed that push, one of Fedora's spokespeople explicitly said that it would help combat supply chain attacks.

So, all in all, I can confidently say that it did leave a mark on the Linux landscape. Hopefully, this specific attack vector will not be as viable in the foreseeable future.
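The two defensive ideas raised in this thread, auditing a repository for opaque binary blobs and verifying that builds are reproducible, can both be checked mechanically. The script below is an added illustration written for this page; it is not code from the video, the paper, or any of the commenters. It assumes a simple heuristic (a file is "binary" if its first bytes contain a NUL), a constructed allow-list of image extensions, and constructed sample files (`src/main.c`, `logo.png`, `tests/files/fixture.xz`, and three fake build artifacts) that stand in for a real source tree and real build outputs.

```python
"""Two defensive checks, written for this thread as an example:
1. flag opaque binary files committed to a source tree (a payload hidden
   in binary test fixtures is the pattern the thread is discussing), and
2. verify that two independent builds produce byte-identical output,
   which is the property reproducible builds give you.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# Extensions that are legitimately binary in many projects. Anything
# binary that is NOT on this list deserves a human look. Constructed list,
# not a standard; extend it per project.
KNOWN_BINARY_SUFFIXES = {".png", ".jpg", ".gif", ".ico"}


def is_binary(path: Path, sample_size: int = 8192) -> bool:
    """Heuristic: treat a file as binary if its first bytes contain a NUL."""
    with path.open("rb") as fh:
        return b"\x00" in fh.read(sample_size)


def find_suspicious_blobs(root: Path) -> List[str]:
    """Return POSIX-style relative paths of binary files that are not in a
    known binary format. Blobs under tests/ are exactly the kind of file a
    reviewer tends to wave through, so they surface here like any other."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            p = Path(dirpath) / name
            if p.suffix.lower() in KNOWN_BINARY_SUFFIXES:
                continue
            if is_binary(p):
                hits.append(p.relative_to(root).as_posix())
    return sorted(hits)


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large artifacts are not read at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def builds_are_reproducible(artifact_a: Path, artifact_b: Path) -> bool:
    """Reproducible-build check: two independent builds of the same source
    must yield identical bytes. A mismatch means something (a timestamp, a
    build path, or an injected stage) differs between the two builds."""
    return sha256_file(artifact_a) == sha256_file(artifact_b)


def demo() -> Dict[str, object]:
    """Build a constructed sample tree and return the findings of both checks.
    Files and contents here are made up for the example."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "tests" / "files").mkdir(parents=True)
        # Plain text source: no NUL bytes, so not flagged.
        (root / "src" / "main.c").write_text("int main(void) { return 0; }\n")
        # PNG-like header: binary, but allow-listed by extension.
        (root / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n\x00\x00")
        # Opaque fixture under tests/: binary and not allow-listed, so flagged.
        (root / "tests" / "files" / "fixture.xz").write_bytes(
            b"\xfd7zXZ\x00" + bytes(range(256))
        )
        blobs = find_suspicious_blobs(root)

        # Fake build outputs: two identical "builds" and one that differs.
        build1 = root / "build1.bin"
        build2 = root / "build2.bin"
        build3 = root / "build3.bin"
        build1.write_bytes(b"\x7fELF same output")
        build2.write_bytes(b"\x7fELF same output")
        build3.write_bytes(b"\x7fELF differs: embedded timestamp 2025-05-13")
        return {
            "blobs": blobs,  # ["tests/files/fixture.xz"]
            "reproducible": builds_are_reproducible(build1, build2),      # True
            "non_reproducible": builds_are_reproducible(build1, build3),  # False
        }


if __name__ == "__main__":
    print(demo())
```

Run against a real checkout, `find_suspicious_blobs(Path("."))` gives a review list rather than a verdict: a flagged file is not evidence of anything by itself, only a prompt to ask why the project needs an opaque artifact it cannot regenerate from source. The reproducibility check is likewise only as strong as the independence of the two builds; comparing two runs on the same machine catches far less than comparing your own build against a distribution's published artifact.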